Visa has dropped its seal of approval for credit and debit card processor Global Payments in the wake of a data breach involving 1.5 million accounts

Visa has dropped its seal of approval for credit and debit card processor Global Payments in the wake of a data breach involving 1.5 million accounts.

Download this free guide

3 key web security guidelines from FS-ISAC

We address the ongoing issues regarding web security for businesses relying on an online presence. Download this e-guide and discover how to identify and address overlooked web security vulnerabilities as well as why you should look at the full security development lifecycle to reduce web threats.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Visa has removed Global Payments from its list of those it considers to be compliant service providers, according to the Wall Street Journal.

Three US credit firms – Visa, MasterCard and Discover – warned that credit card holders' personal information could be at risk after the breach was revealed late on Friday.

In a statement, MasterCard said: "[We are] concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information.

"If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution."

Visa echoed MasterCard's statement, emphasising that its customers are not responsible for fraudulent purchases, according to the BBC.

Discover Financial Services said it was monitoring accounts and would reissue cards if necessary.

Customer data exposed in breach

On Sunday, Global Payments issued a statement saying that "the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers may have been exported… Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.”

"It’s also unclear how Global Payments’ timeline of the incident meshes with that of MasterCard and Visa," the blog said.

This latest breach of the MasterCard and Visa data is an all too painful reminder of why companies need to automate and enforce strong access controls

Kevin Cunningham, SailPoint

In an alert sent to card-issuing banks, the card associations said the window of vulnerability for the breached processor was between 21 January 2012 and 25 February 2012. The alert also said that enough data was exposed for hackers to make counterfeit cards.

Yet, in a statement on Friday, Global Payments said its own security systems identified and self-reported the breach, which it said was detected in early March 2012.

In its follow-up statement on Sunday, the company said cardholder names, addresses and social security numbers were not obtained by the criminals.

A technical problem affecting the Visa network prevented some US customers from using their credit and debit cards for 45 minutes on Sunday, but Visa told The Associated Press that the outage was caused by an update it made to its system, and was not related to the Global Payments breach.

Businesses still vulnerable to security breaches

Kevin Cunningham, president and co-founder of identity governance software firm, SailPoint, said the incident shows that large-scale security breaches are still taking place, and when they do they are very impactful to the business.

"To prevent these types of breaches, organisations must put security controls in place to conduct regular reviews of user accounts and monitor privileged user account activity to spot rogue accounts," he said.

Without strong, enforceable password policy and detective controls over user accounts, Cunningham said companies easily fall victim to intruders who break in and set up accounts to siphon off customer data.

"This latest breach of the MasterCard and Visa data is an all too painful reminder of why companies need to automate and enforce strong access controls," he said.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy